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(57) Authentication circuits (2-3 to 2-1 1 ) are provid- 
ed between a debug l/F circuit (2-1) and a debug termi- 
nal. The authentication circuit transmits a transmission 
key to externally at the time of activation, and authenti- 



cates from a received signal and the transmission key, 
and enables to access a debug l/F. It is possible to pre- 
vent a spurious access from the debug l/F by a third per- 
son by the authentication circuit. 
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Description 

BACKGROUND OF THE INVENTION 

1 . Field of the Invention 5 

[0001 ] The present invention relates to an IC, an elec- 
tronic device, a method for debugging the IC, a method 
for debugging the electronic device, and a debugger, 
having a security function for preventing a spurious ac- 
quisition of a behavior of an internal circuit of the IC. 

2. Description of the Related Arts 



of the device shipped to the field, the third person uses 
the debug l/F terminal, so that a behavior of a central 
processing unit (CPU) can accurately and readily be re- 
verse-engineered, and thus needs high-performance in 
security. 

[0009] However, in the case where the conventional 
device uses the CPU provided with the debug l/F func- 
tion, a clue of analysis is given to the third person. For 
example, in the case of a POS register using the CPU 
with the debug l/F function, a debug unit of the debug I/ 
F is connected to a personal computer etc., so that even 
data such as a password, a cryptographic key, or the 
like can readily be searched. 



10 



[0002] In every field such as an electronic commerce, 1$ 
etc., a device of higher security is demanded. For this 
reason, various methods for preventing a reverse engi- 
neering in the device have been devised. However, ir- 
respective of these trials, a reverse engineering ROM, 
or the like has been prepared, and an abuse for a reluc- 20 
tant use for a developer of the device does not become 
extinct. Forthis reason, a system in which a third person 
is incapable of engineering operation itself of the device 
is demanded. 

[0003] Fig. 9 is an explanatory diagram of the prior 25 
art. As shown in Fig. 9, an LSI 110 is provided with a 
CPU 200, a peripheral circuit 300, and a bus 600 for 
connecting therewith. In this LS1 110, the CPU 200 ac- 
quires data or programs from the peripheral circuit 300, 
and processes the data, and outputs them to the periph- 30 
eral circuit 300. 

[0004] On the other hand, in the case where the de- 
vice is developed by use of this LSI 110, a processing 
behavior of the CPU 200 is directly monitored, and the 
programs or the like are verified. A verification method 35 
for monitoring output data of the peripheral circuit 300 
is executed, but a behavior of the CPU 200 up to the 
output cannot be elucidated from the output data. 
[0005] For this reason, the CPU 200 is provided with 
a debug l/F (interface) circuit 400 via another bus 500. 40 
An external debug controller 100 of the LS1 110 is con- 
nected to the debug l/F 400, and supplies a clock CLK, 
and inputs a signal SIN, and obtains an output SOUT 
[0006] This debug l/F circuit 400 is exploited for ac- 
quiring a behavior (contents of a program counter, a reg- 45 
ister, or the like) of the CPU 200 at the time of developing 
the device, and in the case where the device is shipped 
to a field, the debug l/F circuit 400 is similarly exploited 
at the time of the occurrence of a fault, and at the time 
of diagnosing the device. so 
[0007] A security function is not provided in the prior 
art with respect to an access from the debug l/F 400, as 
described above. 

[0008] In the device which does not require a conven- 
tional normal security, a debug l/F terminal is seen from 55 
outside irrespective of the time of being unused/the time 
of being used, and is entirely defenseless for the exploi- 
tation by the third person. For this reason, in the case 



SUMMARY OF THE INVENTION 

[001 0] It is therefore an object of the present invention 
to provide an IC, an electronic device, a debug method, 
and a debugger for restricting a use of a debug l/F and 
preventing a spurious reverse engineering by a third 
person. 

[001 1 ] It is another object of the present invention to 
provide an IC, an electronic device, a debug method, 
and a debugger in which an authentication logic is pro- 
vided between the debug l/F circuit in the LSI and an 
external terminal, and a restriction is formed in exploiting 
the debug l/F. 

[0012] It is yet another object of the present invention 
to provide an IC, an electronic device, a debug method, 
and a debugger for preventing the engineering of the 
authentication logic between the debug l/F circuit in the 
LSIs and the external terminal. 
[001 3] It is a further object of the present invention to 
provide an IC, an electronic device, a debug method, 
and a debugger for detecting the spurious reverse en- 
gineering by a third person which restricts the use of the 
debug l/F. 

[001 4] In order to attain the above objects, according 
to a first aspect of the present invention there is provided 
an IC comprising an internal circuit; a debug l/F circuit 
for debugging the internal circuit from externally; and an 
authentication circuit which is provided between the de- 
bug l/F circuit and a debug terminal, and when the de- 
bug l/F circuit is activated, transmits a transmission key 
from the debug terminal to outside, and authenticates 
from a signal received from the debug terminal and a 
transmission key, and enables operation of the debug I/ 
F circuit. 

[0015] According to a second aspect of the present 
invention there is provided an electronic device mount- 
ed with an IC, the IC comprising an internal circuit; a 
debug l/F circuit for debugging the internal circuit from 
externally; and an authentication circuit which is provid- 
ed between the debug l/F circuit and the debug terminal, 
and when the debug l/F circuit is activated, transmits the 
transmission key from the debug terminal to outside, 
and collates the signal received from the debug terminal 
with the transmission key, and enables operation of the 
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debug l/F circuit. 

[0016] According to a third aspect of the present in- 
vention there is provided a debugging method compris- 
ing the steps of transmitting the transmission key to ex- 
ternally when the debug l/F circuit is activated; and au- 
thenticating the signal received from externally and the 
transmission key to enable operation of the debug l/F 
circuit. 

[001 7] According to a fourth aspect of the present in- 
vention there is provided a debugger for debugging an 
IC, the IC comprising an internal circuit; a debug l/F cir- 
cuit for externally debugging the internal circuit; and an 
authentication circuit which is provided between the de- 
bug l/F circuit and the debug terminal, and when the de- 
bug l/F circuit is activated, transmits the transmission 
key from the debug terminal to outside, and collates the 
signal received from the debug terminal with the trans- 
mission key, and enables operation of the debug l/F cir- 
cuit, further comprising: the discrimination device which 
is provided between a debug unit and the debug l/F cir- 
cuit, and receives the transmission key to encode it by 
a predetermined key, and transmits the reception signal. 
[0018] Since an authentication circuit is provided be- 
tween the debug l/F circuit and the debug terminal, it is 
possible to protect an internal circuit from a dishonesty 
such as performing reverse engineering of a motion of 
the internal circuit, etc. by exploiting the debug l/F of the 
third person, and to hold security higher than a conven- 
tional device. 

[0019] Furthermore, since the security is performed 
by a physical connection and an authentication algo- 
rithm by a set of a discrimination device and an IC, a 
high security is enabled. Furthermore, a spurious engi- 
neering by a PC (personal computer) is difficult. 
[0020] Furthermore, in the debugging method accord- 
ing to the present invention, the authentication step has 
a step of canceling a reset signal to the debug l/F circuit 
for enabling of the operation. In the LSI according to the 
present invention, the authentication circuit cancels the 
reset signal to the debug l/F circuit for enabling of the 
operation. For this reason, even if authenticated, it is 
possible to realize by cancellation of the existent reset. 
[0021] Furthermore, in the LSI according to the 
present invention, the authentication circuit forms an au- 
thentication key by encoding the transmission key by a 
predetermined key, and compares the reception signal 
with the authentication key. In the debugging method ac- 
cording to the present invention, the authentication step 
has a step of forming the authentication key by encoding 
the transmission key by the predetermined key, and of 
collating the reception signal with the authentication key. 
Thanks to this encoding, a higher security is possible. 
[0022] In the LSI according to the present invention, 
the authentication circuit awaits a time of the operation 
enabling. In the debugging method according to the 
present invention, the authentication step has a step of 
waiting a time of the operation enabling. Before and after 
judgment of a serial data key, a watting time is provided 



after the end of agreement judgment by use of a timer. 
Forthis reason, even if the third person inputs any cryp- 
tographic key data, it takes much time to obtain authen- 
tication results (reset). This causes to prevent the use 
5 of the spurious debug l/F by the third person, and fur- 
thermore when retrying several times, it takes enormous 
time. 

[0023] In the LSI according to the present invention, 
the authentication circuit forms the transmission key 
io with random numbers, whereby each time serial data 
(transmission key) to be transmitted are activated, the 
random numbers are based, so that the serial data are 
set as transmission and reception data different every 
time, rendering the analysis thereof difficult. 

15 

BRIEF DESCRIPTION OF THE DRAWINGS 
[0024] 

20 Fig. 1 is a block diagram of an LSI according to an 
embodiment of the present invention; 
Fig. 2 is an explanatory diagram of an authentica- 
tion processing of Fig. 1 ; 

Fig. 3 is an explanatory diagram of a debugging 

25 method of the LSI of Fig. 1 ; 

Fig. 4 is an explanatory diagram of preventing a 
spurious access to the LSI of Fig. 1 ; 
Rg. 5 is an explanatory processing of another au- 
thentication processing of Fig. 1 ; 

30 Rg. 6 is an explanatory diagram of an electronic de- 
vice comprising the LSI of Fig. 1 ; 
Fig. 7 is a block diagram of a peripheral circuit of 
Fig. 1; 

Rg. 8 is a configuration diagram of a POS system 
35 comprising the LSI of Fig. 6; and 

Fig. 9 is an explanatory diagram of the prior art. 

DESCRIPTION OF THE PREFERRED 
EMBODIMENTS 

40 

[0025] The preferred embodiments of the present in- 
vention will now be described by sorting it into a LSI, an 
electronic device, and other embodiments. 

45 [LSI] 

[0026] Rg. 1 is a block diagram of an LSI and a debug 
mechanism according to a first embodiment of the 
present invention, Fig. 2 is an explanatory diagram of 
so the authentication processing, Fig. 3 is a diagram for ex- 
plaining operation at the time of a due use, and Fig. 4 is 
a diagram for explaining operation at the time of a spu- 
rious use. 

[0027] In Fig. 1 , reference numeral 2 denotes a sys- 
55 tern LSI with a CPU. A debug l/F utilization authentica- 
tion circuit according to the present invention is provided 
to the LSI 2. Reference numeral 1 denotes an external 
debug controller for utilizing the debug l/F inside the LSI 
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2. Reference numeral 3 denotes a discrimination de- 
vice, which is interposed between the LSI 2 and the de- 
bug controller 1 , so as to interlock with the authentica- 
tion circuit inside the LSI 2 and authenticate. 
[0028] The LSI 2 has a debug l/F circuit 2-1 , a CPU 
2-2, a debug bus 4-1 for connecting the l/F circuit 2-1 
and the CPU 2-2, and a peripheral circuit 2-1 2 connect- 
ed to a CPU bus 4-2. The peripheral circuit 2-12 is dif- 
ferent according to the use of LSIs, for example, an elec- 
tronic money funds transferring circuit that will be ex- 
plained in Fig. 6. 

[0029] In the embodiment of the present invention, the 
authentication circuit is provided in this CPU bus 4-2. A 
structure of the authentication circuit is explained. 
[0030] A port 4-2 receives write data of the CPU 2-2 
from the bus 4-2. A register 2-5 stores a debug l/F utili- 
zation transmission key formed by the CPU 2-2. A reg- 
ister 2-8 stores an authentication key formed by the CPU 
2-2. A transmission circuit 2-4 transmits the transmis- 
sion key of the register 2-5 in synchronism with a clock 
supplied by the discrimination device 3. A shift register 
2-6 receives a cryptographic key returned from the dis- 
crimination device 3. 

[0031] An agreement detection circuit 2-9 compares 
a cryptographic key of the shift register 2-6 with an au- 
thentication key of a register 2-8, and detects an agree- 
ment A timer circuit 2-7 starts counting clocks in re- 
sponse to an agreement detection output of the agree- 
ment detection circuit 2-9, and forms a signal for cance- 
ling a reset signal to the internal debug l/F circuit 2-1 
after a constant time. A reset gate 2-1 1 cancels an input 
to the debug l/F circuit 2-1 of the reset signal according 
to a reset cancellation signal. A reception-enabling gate 
2-1 0 enables the shift register 2-6 which fetches in data 
from a signal input terminal SIN in response to a recep- 
tion-enabling signal from a transmission circuit 2-4. 
[0032] Next, the discrimination device 3 is provided 
with a key reception circuit 3-1 . When the discrimination 
device 3 is turned on, the key reception circuit 3-1 trans- 
mits clocks and receives the aforesaid transmission key, 
and encodes it by a key determined previously and 
transmits the cryptographic key. 
[0033] Next, an operational procedure capable of uti- 
lizing the debug l/F will be explained with reference to 
Figs. 1 and 2. As shown in Fig. 1, the debug controller 
1 utilizing the debug l/F is connected to the LSI 2 via the 
discrimination device 3. 

® First, the LSI 2 and discrimination device 3 are 
turned on and activated. Then, a clock is supplied 
from the discrimination device 3 to the debug l/F 2-1 
of the LSI 2. Concurrently, the CPU 2-2 is activated 
in the LSI 2, and the LSI 2 forms the debug l/F uti- 
lizing transmission key and authentication key by a 
firmware, and writes them into the registers 2-5, 2-8 
via the bus 4-2 and port 2-3. At this time, the trans- 
mission key is formed based on a random number, 
and then the authentication key is generated by en- 



coding the transmission key by a predetermined 
key. 

© When the key is written, the transmission circuit 
2-4 transmits the transmission key in synchronism 

5 with a clock supplied by the discrimination device 3. 
® The key transmission and reception circuit 3-1 
in the discrimination device 3 receives the transmis- 
sion key, and encodes the transmission key by the 
key determined previously, and transmits the cryp- 

10 tograph ic (encoded) key. The predetermined key at 
this time is the same as the key used a little while 
ago by the firmware in the LSI 2. 
@ In the LSI 2, the shift register 2-6 receives the 
returned the cryptographic key, and the agreement 

15 detection circuit 2-9 compares it with the authenti- 
cation key of the register 2-8, and only in the case 
where there is an agreement, the agreement detec- 
tion circuit 2-9 transmits the agreement detection to 
the timer circuit 2-7. The timer circuit 2-7 waits for 

20 a constant time, and cancels a reset signal to the 
internal debug l/F 2-1 by the gate 2-11 . 

[0034] Thus, for the first time, the debug I/Fcircuit2-1 
of the LSI 2 can be utilized. Namely, the reset signal is 

25 transmitted from the debug controller 1 to the LSI 2, and 
resets the debug l/F circuit 2-1 , and utilizes the debug 
l/F circuit 2-1 , and can access the CPU 2-2. 
[0035] As shown in Fig. 3, a LSI provider offers the 
LSI 2 and discrimination device 3 to a developer for an 

30 apparatus. The encryption key of the LSI 2 is the same 
as the encryption key of the discrimination device 3. The 
developer mounts the LSI 2 on the target board 7, and 
develops the device. 

[0036] In the case where the debug is performed, the 

35 LSI 2 is connected to the discrimination device 3, which 
is connected to the debug controller 1 , the PC interface 
board 6, and the personal computer 5. When the dis- 
crimination device 3 intervenes therebetween, the 
above authentication sequence works to cancel a reset, 

40 so that the debugger on the PC 5 can utilize the debug 
l/F circuit 2-1 . Furthermore, even after the device is 
shipped to a field, the discrimination device 3 is connect- 
ed, thereby utilizing the debugger on the PC 5. 
[0037] On the other hand, as shown in Fig, 4, in the 

45 case where the discrimination device 3 is not connected, 
the reset is not canceled in the debug l/F circuit 2-1 of 
the LSI 2, and the debugger of the PC 5 cannot access 
the CPU 2-2 of the LSI 2. For example, after the device 
is shipped to the field, it is possible to protect the CPU 

so 2-2 from dishonesty such as reverse engineering of in- 
ternal operation of the CPU 2-2 by utilizing the debug I/ 
F of the third person, and to hold a higher security than 
in the conventional device. 

[0038] Namely, in a security technique such as a con- 
55 ventional password authentication, etc. , if the password 
is leaked, the security function is not performed, and the 
password is easy to elucidate by retrying. Accordingly, 
the security technique is unfit as a security mechanism 
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of the LSI 2 to be presented to a great number of users. 
According to this embodiment, since in order to obtain 
the security with a set of the discrimination device 3 and 
LSI 2, the security is carried out by the physical connec- 
tion and authentication algorithm, a high security is en- 
abled. Furthermore, the spurious engineering by the PC 
5 is difficult. 

[0039] Furthermore, in some cases, since the afore- 
said utilization authentication function is an encryption 
algorithm, a skillful spurious person knows existence of 
the authentication mechanism and tries the engineering 
by retrying the encryption key (data). According to this 
embodiment, since this engineering becomes difficult, 
the next technique is adopted. 
[0040] First, after the serial data key is judged, waiting 
time is provided after end of the agreement judgment by 
use of the timer 2-7. For this reason, even if the third 
person inputs any cryptographic key data by connection 
of Fig. 4, it takes much time until obtaining authentica- 
tion results (reset). Thus, the spurious debug l/F utiliza- 
tion by the third person is prevented, and it takes enor- 
mous time when retrying several times. 
[0041] Second, each time the serial data (transmis- 
sion key) to be transmitted are activated, the random 
numbers are based, so that the engineering becomes 
difficult as set as transmission and reception data differ- 
ent each time. 

[0042] Third, the reception operation of the shift reg- 
ister is conducted for a constant time after the transmis- 
sion key is transmitted, and only one time reception is 
made at the time of one time activation , and since if data 
are repeatedly input, not accepted, the engineering is 
difficult. 

[0043] Next, in Fig. 5, the authentication processing 
according to another embodiment of the present inven- 
tion will be explained. 

© First of all, when the LSI 2 and discrimination 
device 3 are turned on, a clock is supplied from the 
discrimination device 3 to the debug l/F 2-1 of the 
LSI 2. Concurrently, in the LSI 2, the CPU 2-2 is 
activated to form the debug l/F utilization transmis- 
sion key and authentication key by the firmware, as 
described above, to write them into the registers 
2-5, 2-8 via the bus 4-2 and the port 2-3. 
(D When the key is written, in synchronism with the 
dock supplied by the discrimination device 3, the 
transmission circuit 2-4 transmits the transmission 
key. 

® The key transmission and reception circuit 3-1 
in the discrimination device 3 receives the transmis- 
sion key, and encodes the transmission key by the 
key determined previously, and transmits the cryp- 
tographic (encoded) key. The predetermined key at 
this time is the same as the key used a little while 
ago by the firmware in the LSI 2. The discrimination 
device 3 annexes a user ID and transmits it to the 
LSI 2. 



® In the LSI 2, the shift register 2-6 receives the 
returned cryptographic key, and the agreement de- 
tection circuit 2-9 compares it with the authentica- 
tion key of the register 2-8, and only in the case 

5 where there is an agreement, the agreement detec- 
tion circuit 2-9 transmits the agreement detection to 
the timer circuit 2-7. After the timer circuit 2-7 waits 
for a constant time, the timer circuit 2-7 cancels an 
input of the reset signal to the internal debug l/F 2-1 

10 of the gate 2-1 1 . Furthermore, the user I D is logged. 
For this reason, if information of the transmission 
key should be leaked, it is possible to specify which 
user has leaked, from the logged user IDs. 

15 [0044] According to the embodiment of the present in- 
vention, the description device 3 adopts a method of en- 
coding the received transmission key and use ID by the 
key, thereby preventing the user ID from being readily 
changed. 

20 

[Electronic Devices] 

[0045] Next, electronic devices comprising the afore- 
said system LSI 2 will be explained. Rg. 6 is an explan- 

25 atory diagram of an example to which the system LSI 2 
is applied, Fig. 7 is a structural diagram of a peripheral 
circuit of the LSI 2 in this application example, and Fig. 
8 is an explanatory diagram of the electronic devices. 
[0046] As shown in Fig. 6, the system LSI 2 is a card 

30 funds transferring LSI, and has a debit card funds trans- 
fer function 40, a credit card funds transfer function 41 , 
an electronic money funds transfer function 42, and oth- 
er service functions 43. For this reason, the LSI 2 is con- 
nected to an IC card reader/writer 30, a magnetic card 

35 reader 31 , and a display and key 32. Furthermore, as 
occasion arises, the LSI 2 is connected to a receipt print- 
er 33. These funds transfer functions 40 to 43 are real- 
ized by execution of the programs of the CPU 2-2 of the 
LSI 2. 

6 [0047] Accordingly, by mounting this LSI 2, a card 
funds transfer function is imparted to various electronic 
devices 50 to 57. These electronic devices are, for ex- 
ample, a POS (point of sales) reader/writer 50, an inte- 
grated terminal 51 , a mobile terminal 52, an ATM (auto- 

45 matic teller machine) 53, an automatic vending machine 
54, a PDA (personal digital assistant) 55, a portable tel- 
ephone 56, and a PC (personal computer) 57. 
[0048] The peripheral circuit 2-12 of the LSI 2 for the 
card funds transfer will be explained with reference to 

so Rg. 7. 

[0049] The peripheral circuit 2-12 has a smart card 
controller 60, a MS (Magnetic stripe) control circuit 61 , 
a LCD control circuit 62, a matrix KB control circuit 63, 
a memory controller 64, and serial I/O ports 69 to 72. 
55 Rg. 7 shows the above LSI 2 mounted on the target 
board 7, and for clarity of description of the LSI 2, only 
the CPU 2-2 and peripheral circuit 2-12 (60-64, 69-72) 
are shown. Of course, the LSI 2 includes the debug l/F 
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2-1 and the authentication circuit. 
[0050] The smart card controller 60 reads/writes data 
of the IC card (called a smart card) via the IC card read- 
er/writer 30. The MS control circuit controls the MS 
(magnetic stripe) reader 31 . The LCD control circuit 62 
controls a display of the LCD (liquid crystal display) 
32-1 . The matrix KB control circuit 63 recognizes an in- 
put of a ten key 32-2. The memory controller 64 controls 
an input/output into/from various memories (a ROM 65, 
a SRAM 66, a FLASH 67, a SDRAM 68) on the board 
7. The serial ports 69 to 72 are connected to drivers 73 
to 75 of the port 7 for inputting and outputting the serial 
data. These are each connected to the CPU bus 4-2. 
[0051 ] Fig. 8 is a system configuration diagram of the 
electronic device comprising a funds transferring LSI, 
showing a POS (point of sales) system. The network 35 
is connected to a store controller 20 and a plurality of 
POS terminals 1 0. The POS terminals 1 0 are connected 
to the IC card reader/Writer 30. 
[0052] The store controller20 and the plurality of POS 
terminals 10 are provided with the above funds trans- 
ferring LSIs (called an IFD), which exchanges directly 
funs transfer data. 

[0053] An IC card 34-1 for customers exchanges 
messages with a POS IC card 34-2 via the IFD 2, and 
the POS IC card 34-2 exchanges messages with the IC 
card 34-2 of the store controller 20 via an IFD 2, a ter- 
minal controller 1 1 , a network 35, the terminal controller 
11, and the IFD 2. 

[0054] For example, in the case where the electronic 
funds transfer is carried out by the IC card, customer's 
data of the IC card 34-1 are stored in the POS IC card 
34-2 via the IFD 2. Thereafter, the stored data of the 
POS IC card 34-2 are stored in the IC card 34-2 of the 
store controller 20 via the IFD 2, the terminal controller 
11, the network 35, the terminal controller 11, and the 
IFD 2. 

[0055] In this system, as a route of the electronic 
funds transfer data is closed by the IFD 2, there is no 
fear that funds transfer data (a password, an accounting 
number, a balance, and the like) are leaked. Therefore, 
safety is high. 

[0056] However, as described above, if accessing the 
CPU 2-2 by utilizing the debug l/F, it is possible to make 
a spurious acquisition of funds transfer data (a pass- 
word, an accounting number, a balance, and the like), 
so that there is a fear of abusing. Accordingly, an au- 
thentication mechanism according to the present inven- 
tion is, in particular, valid for such uses. 

[Other Embodiments] 

[0057] In addition to the aforesaid embodiments, the 
following modifications according to the present inven- 
tion are possible: 

(1 ) According to the aforesaid embodiments, the re- 
set signal is canceled by the authentication, but a 



gate may be provided at a clock input side of the 
debug l/F 2-1 , so that a clock input is enabled by 
the authentication. 

(2) According to the aforesaid embodiments, the 
5 waiting time are provided by the timer after the 

agreement judgment, but the waiting time may be 
performed for the judgment by the timer before the 
agreement judgment. 

(3) In the case where the disagreement is detected 
10 by the agreement judgment, this can be notified to 

the peripheral circuit. Thus, the peripheral circuit 
judges as a spurious access, and for example, it is 
possible to make a disposition such as erasing of 
data required for the security. 
15 (4) The system LSI is explained for the card funds 
transfer, but it may be used as the other applica- 
tions. 

(5) The explanation is made as the debug l/F of the 
CPU, but the present invention can be applied to 
20 the debug l/F of the other circuits. 

[0058] Although the present invention has been de- 
scribed in light of the preferred embodiments thereof, 
the present invention could be variously modified with- 
25 out departing from the sprit of the present invention, and 
those modifications are not to be excluded from the 
scope of the invention. 

[0059] As set forth hereinabove, according to the 
present invention, the following effects are presented. 

30 [0060] Since the authentication circuit is provided be- 
tween the debug l/F circuit and the debug terminal, it is 
possible to protect the internal circuit from dishonesty 
such as the reverse engineering, etc. of operation of the 
internal circuit by utilizing the debug l/F of the third per- 

35 son, and to hold the security higher than the convention- 
al device. 

[0061] Furthermore, since the security is carried out 
by the physical connection and authentication algorithm 
with a set of the discrimination device 3 and LSI 2, there- 
to fore, the high security is enabled. Furthermore, the spu- 
rious engineering by the PC 5 is difficult. 



Claims 

45 

1. An IC comprising: 

an internal circuit; 

a debug l/F circuit for debugging the internal cir- 

50 cuitfrom externally; and 

an authentication circuit which is provided be- 
tween the debug l/F circuit and a debug termi- 
nal for connecting outside, and for transmitting 
a transmission key from the debug terminal to 

55 outside, and authenticating from a signal re- 

ceived from the debug terminal and said trans- 
mission key to enable operation of the debug I/ 
F circuit. 
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2. The IC according to claim 1 , wherein the authenti- 
cation circuit cancels a reset signal to the debug I/ 
F circuit for enabling the operation. 

3. The IC according to claim 1 , wherein the authenti- s 
cation circuit generates an authentication key that 

is obtained by encrypting the transmission key by a 
predetermined key, and collates said reception sig- 
nal with the authentication key. 

10 

4. The IC according to claim 1, wherein the authenti- 
cation circuit time-awaits the operation enabling. 

5. The IC according to claim 1 , wherein the authenti- 
cation circuit generates the transmission key by is 
random numbers. 

6. An electronic device mounted with an IC, said IC 
comprising: 

20 

an internal circuit; 

a debug l/F circuit for debugging the internal cir- 
cuit from externally; and 
an authentication circuit which is provided be- 
tween the debug l/F circuit and a debug termi- 25 
nal for connecting outside, and for transmitting 
a transmission key from the debug terminal to 
outside, and collating the signal received from 
the debug terminal with the transmission key to 
enable operation of the debug l/F circuit. 30 

7. The electronic device according to claim 6, wherein 
the authentication circuit cancels the reset signal to 
the debug l/F circuit for enabling the operation. 

35 

8. The electronic device according to claim 6, wherein 
the authentication circuit generates the authentica- 
tion key that is obtained by encrypting the transmis- 
sion key by a predetermined key, and collates the 
reception signal with the authentication key. 40 

9. The electronic device according to claim 6, wherein 
the authentication circuit time-awaits the operation 
enabling. 

45 

1 0. The electronic device according to claim 6, wherein 
the authentication circuit forms the transmission 
key by the random numbers. 

1 1 . A debugging method for utilizing a debug l/F circuit so 
and debugging an internal circuit from externally, 
comprising the steps of: 

transmitting a transmission key to externally 
when the debug l/F circuit is activated; and ss 
authenticating the signal received from exter- 
nally and the transmission key to enable oper- 
ation of the debug l/F circuit. 



12. The debugging method according to claim 11, 
wherein the authentication step includes a step of 
canceling a reset signal to the debug l/F circuit for 
enabling the operation. 

13. The debugging method according to claim 11, 
wherein the authentication step includes: 

a step of generating an authentication key that 
is obtained by encrypting the transmission key 
by a predetermined key, and 
a step of collating the received signal with the 
authentication key. 

14. The debugging method according to claim 11, 
wherein the authentication step has a step of time- 
awaiting the operation enabling. 

15. The debugging method according to claim 11, 
wherein the transmission step has a step of forming 
the transmission key by the random numbers. 

16. The debugging method according to claim 11, fur- 
ther comprising: 

a step of receiving the transmission key and en- 
coding it by a predetermined key, and transmit- 
ting the received signal with a discrimination 
device provided between a debugger and the 
debug l/F circuit. 

17. A debugger for debugging an IC, the IC comprising 
an internal circuit; a debug l/F circuit for debugging 
the internal circuit; and an authentication circuit 
which is provided between the debug l/F circuit and 
the debug terminal, said debugger comprising: 

a debug unit for debugging said LSI; and 
a discrimination device which is provided be- 
tween said debug unit and said debug l/F cir- 
cuit, and for receiving a transmission key from 
said authentication circuit, encrypting said 
transmission key by a predetermined key, and 
transmitting the encrypted key to said authen- 
tication circuit to enable debugging of said IC 
by said debug unit. 
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FIG. 2 
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FIG. 5 
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